The present invention provides a solution to the problem of applying end-to-end requirements of connectivity, security, reliability and performance to configure a network and ultimately assign network components to the network.
Network vulnerabilities due to configuration errors include reduced reliability, for example because a backup link does not work since HSRP was misconfigured. Other vulnerabilities include: compromised security, for example resulting from an unintended backdoor; a single point of failure (SPoF) across layers due to multiple virtual links mapped to the same physical interface; regulatory non-compliance, such as an intended IPSec tunnel not being used due to a routing configuration error, or an actual path not protecting customer data; or poor quality of service, such as inconsistent QoS configurations on routers and switches impacting VoIP.
The present invention models all requirements as constraints, and a constraint solver does the resolution. Sample requirements are: IPSec, where IPSec tunnels are replicated at each router in a cluster; Static Routing, where if an IPSec tunnel protects a packet, there is a static route for the packet into the tunnel; Firewalls, where if an IPSec tunnel protects a packet, every firewall permits the packet; and Dynamic Routing, where RIP is not enabled on any node at which an IPSec tunnel originates.
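The four sample requirements above can be written down as predicates over a network model and evaluated directly. The following is an added example, not the patent's own encoding or its solver: it builds a small constructed network (a two-router HQ cluster with IPSec tunnels to a branch, one edge firewall) and checks each requirement, reporting one violation per failed constraint instance. The data model, the `check()` helper and all names and prefixes are assumptions made for the illustration; a constraint solver would go one step further and search for assignments that satisfy the predicates, whereas this code only evaluates them.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    cluster: str = ""                                   # cluster id, "" if standalone
    static_routes: dict = field(default_factory=dict)   # dst prefix -> egress (tunnel name or interface)
    rip_enabled: bool = False


@dataclass
class Tunnel:
    name: str
    origin: str                                         # router at which the tunnel originates
    remote: str                                         # far-end site
    protects: set = field(default_factory=set)          # (src prefix, dst prefix) pairs carried inside


@dataclass
class Network:
    routers: dict                                       # name -> Router
    tunnels: dict                                       # name -> Tunnel
    firewalls: dict                                     # name -> set of permitted (src, dst) pairs


def check(net):
    """Return one violation string per failed constraint instance (empty list = compliant)."""
    violations = []

    # IPSec: tunnels are replicated at each router in a cluster, i.e. every
    # member of a cluster originates tunnels to the same set of remote sites.
    remotes = {r.name: set() for r in net.routers.values()}
    for t in net.tunnels.values():
        remotes[t.origin].add(t.remote)
    clusters = {}
    for r in net.routers.values():
        if r.cluster:
            clusters.setdefault(r.cluster, []).append(r.name)
    for cid, members in clusters.items():
        for m in members[1:]:
            if remotes[m] != remotes[members[0]]:
                violations.append(f"IPSec: cluster {cid}: {m} tunnels to {sorted(remotes[m])}, "
                                  f"{members[0]} tunnels to {sorted(remotes[members[0]])}")

    for t in net.tunnels.values():
        origin = net.routers[t.origin]
        for src, dst in t.protects:
            # Static Routing: a protected packet has a static route into its tunnel.
            if origin.static_routes.get(dst) != t.name:
                violations.append(f"StaticRouting: {t.origin} routes {dst} via "
                                  f"{origin.static_routes.get(dst)!r}, not tunnel {t.name}")
            # Firewalls: every firewall permits a packet protected by a tunnel.
            for fw, permitted in net.firewalls.items():
                if (src, dst) not in permitted:
                    violations.append(f"Firewalls: {fw} does not permit {src}->{dst} carried by {t.name}")
        # Dynamic Routing: RIP is not enabled at a node where a tunnel originates.
        if origin.rip_enabled:
            violations.append(f"DynamicRouting: RIP enabled on {t.origin}, origin of {t.name}")
    return violations


def compliant_network():
    """Constructed sample: two-router HQ cluster, each member with a tunnel to the branch."""
    flow = ("10.1.0.0/16", "10.2.0.0/16")
    return Network(
        routers={
            "hq-r1": Router("hq-r1", cluster="hq", static_routes={"10.2.0.0/16": "t1"}),
            "hq-r2": Router("hq-r2", cluster="hq", static_routes={"10.2.0.0/16": "t2"}),
            "branch-r1": Router("branch-r1"),
        },
        tunnels={
            "t1": Tunnel("t1", origin="hq-r1", remote="branch", protects={flow}),
            "t2": Tunnel("t2", origin="hq-r2", remote="branch", protects={flow}),
        },
        firewalls={"fw-edge": {flow}},
    )


def misconfigured_network():
    """Constructed sample that breaks each of the four requirements exactly once."""
    net = compliant_network()
    del net.tunnels["t2"]                                       # hq-r2 lost its replica tunnel
    net.routers["hq-r1"].static_routes["10.2.0.0/16"] = "eth0"  # traffic bypasses t1 in the clear
    net.firewalls["fw-edge"] = set()                            # firewall drops the protected flow
    net.routers["hq-r1"].rip_enabled = True                     # RIP running at the tunnel origin
    return net


if __name__ == "__main__":
    for label, net in [("compliant", compliant_network()), ("misconfigured", misconfigured_network())]:
        print(label, "->", check(net) or "no violations")
```

Each violation names the requirement and the offending component, which is the information an operator needs to see why a configuration is non-compliant; the compliant sample yields an empty list, the misconfigured one yields exactly one violation per requirement.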
The existing methods of eliminating such vulnerabilities have left several problems open. First, how to scalably generate network component configurations that comply with high-level requirements of security, connectivity, performance and reliability. Second, if configurations are known but do not comply with the requirements, how should the configurations be changed to enforce compliance?
One prior solution to solve the first problem is described by Sanjai Narain in U.S. patent application Ser. No. 11/284,368 entitled “Network Configuration Management by Model-Finding”. The application discloses formalizing high-level requirements as first-order logic network constraints and then solving these requirements using a SAT-solver-based model-finder. MIT's model-finders Alloy and Kodkod were used.
The model-finding approach does not scale to networks of realistic scale and complexity. This is because the process of compiling first-order logic constraints into Boolean form leads to very large intermediate constraints. For example, a constraint of the form “for all x1, for all x2, . . . , for all xk. P(x1, . . . , xk)” has at least N^k distinct instances, where N is the lower bound on the size of the sets over which x1, . . . , xk can range. For realistic networks, N can be 1000 and k can be 4, leading to 10^12 instances. This number of instances is far more than what modern model-finders can handle.
There are currently no known solutions to the second problem.
There are no systematic solutions to the second problem. Systems like the one described by R. R. Talpade et al. in U.S. patent application Ser. No. 11/900,674 entitled “IP Network Vulnerability and Policy Compliance Assessment by IP Device Configuration Analysis” only evaluate whether configurations are compliant with requirements; they do not offer any way of changing the configurations to enforce compliance.